1 / 20

IS 4506 Windows NTFS and IIS Security Features

IS 4506 Windows NTFS and IIS Security Features. Overview. Windows NTFS Server security Internet Information Server security features Securing communication with IIS Configuring SSL Digital Certificates. Windows 2000 Server Security Recommendations. Securing User Accounts and Groups

carrie
Download Presentation

IS 4506 Windows NTFS and IIS Security Features

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IS 4506Windows NTFS and IIS Security Features

  2. Overview • Windows NTFS Server security • Internet Information Server security features • Securing communication with IIS • Configuring SSL • Digital Certificates

  3. Windows 2000 Server Security Recommendations • Securing User Accounts and Groups • Allow anonymous access with Internet guest account • Require users to choose difficult passwords • Limit administrator accounts • Applying Strict Account Policies • Securing Resource Access - NTFS Permissions • IIS Security Checklist

  4. (Page 134) File Systems Operations Access Permissions

  5. NTFS Permissions (Page 134) Five standard types of permissions: • Full Control • No Access • Read • Change • Special Access

  6. Other Windows NTFS Security Measures • Limit the number of protocols the network adapter cards use. • Use the Bindings tab in the Network Program in Control Panel to unbind any unnecessary services or protocols. • Turn off the Windows NT Server Service on the IIS Server to prevent users from viewing shares. • Use NT Filtering

  7. Access Control with IIS • Web access control • IP access and domain name restrictions • Anonymous access and authentication control • Authentication methods • Web Server permissions for files and directories • NTFS permissions

  8. Security Requirements for Internet Servers • Authentication of users • Resource access control • Encrypted communication • Auditing and logging

  9. Web Server Permissions for Files and Directories

  10. Authentication Methods

  11. Name: Password: Name: Password: Xxxx xxxxxxxx Anonymous Access and Authentication Control • Anonymous Access has user-applied restrictions • Authentication Control denies access and then queries the user for authentication

  12. IP Access and Domain Name Restrictions

  13. No Yes No Yes No Yes No Yes No Yes Web Access Control Web server receives request IP address permitted? User permitted? Web server permissions allow access? NTFS permissions allow access? Access denied Access granted

  14. Review • Windows NT Server security recommendations • Security requirements for Internet servers • Access control with IIS • Securing communication with IIS

  15. Lab 9: Restricting Access to a Web Site

  16. Review • Windows 2000 Server security recommendations • Security requirements for Internet servers • Access control with IIS • Securing communication with IIS

More Related